[GLASSFISH-16998] Secure OSGi shell port Created: 08/Jul/11  Updated: 04/Oct/12  Resolved: 04/Oct/12

Status: Resolved
Project: glassfish
Component/s: OSGi
Affects Version/s: 4.0
Fix Version/s: 4.0_b58

Type: New Feature Priority: Minor
Reporter: Sanjeeb Sahoo Assignee: Sanjeeb Sahoo
Resolution: Fixed Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: Text File secure-felix-shell.trunk.patch    
Issue Links:
is related to GLASSFISH-13006 Provide way to turn off OSGi shell Resolved
is related to GLASSFISH-19124 [OSGi] Create an asadmin local comman... Resolved
GLASSFISH-19228 Update documentation for using osgi c... Sub-task Resolved Gail Risdal  
Tags: 3_1-next, 3_1_1-scrubbed


See GLASSFISH-13006 for more details. 3.1.1 release manager wants us to open a new bug closing existing GLASSFISH-13006 as that shows up in their query although that's no longer applicable for 3.1.1.

Comment by Sanjeeb Sahoo [ 10/Aug/11 ]

Turned it into an RFE since I have disabled the shell in trunk as well in svn rev #48678.

Comment by Sanjeeb Sahoo [ 07/Feb/12 ]


Could you please look into this next?


Comment by ancoron [ 30/Sep/12 ]

Attached a patch (secure-felix-shell.trunk.patch) to introduce an asadmin CLI bridge for accessing the Gogo/Felix shell (works with both).

This patch essentially does the following:

  1. introduce a remote command ("felix") to access the OSGi shell on a specific server instance (in "appserver/osgi-platforms/felix-cli-remote")
  2. introduce a local command ("felix-shell") to access the OSGi shell with an interactive/multimode frontend (in "appserver/osgi-platforms/felix-cli-interactive")
  3. modify "nucleus/packager/nucleus-osgi" to drop the old remote shell artifact inclusion
  4. modify "appserver/packager/glassfish-osgi" to include the new artifacts
  5. modify "osgi.properties" in "nucleus/osgi-platforms/felix" to replace standard remote shell with new remote command and advance default final startlevel to 3

As this approach does inherit all the security attributes from the asadmin infrastructure it should be safe to assume that the requirements are fulfilled. Also, this command allows to access a specific remote system (DAS being the default) and hence should still keep up with developer needs.

Also nice for system integrators is to know that with this approach there is one port less to secure.

Copyright on this contribution is granted as per the OCA and source files should all comply to this.

Comment by Sanjeeb Sahoo [ 04/Oct/12 ]


Thank you very much for this great quality patch. In this bug, I am going to incorporate the remote command only. I have opened a new issue called GLASSFISH-19124 to incorporate the local command. Pl see that issue for the exact reason behind this split.

I will also refactor the command name to osgi and osgi-shell instead of felix and felix-shell respectively. The modules will be added in nucleus instead of appserver distributions.


Comment by Sanjeeb Sahoo [ 04/Oct/12 ]

As said earlier, I am committing the patch related to the remote command.
r56267 | ss141213 | 2012-10-05 03:34:23 +0530 (Fri, 05 Oct 2012)

GLASSFISH-16998: Secure OSGi shell port.
Adding osgi-remote-cli module which introduces a remote command called osgi that can be used
to invoke a single osgi shell command.

Patch contributed by Ancoron, I have just made some refactoring.

Generated at Tue Oct 25 16:14:49 UTC 2016 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.